Government Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials Federal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts. By Associated Press | April 28, 2026 (6:54 AM ET) Flipboard Reddit Whatsapp Whatsapp Email The German government suspects Russia is behind a series of phishing attacks on Signal targeting high-ranking politicians, including two government ministers, military personnel and journalists, a government spokesperson said. Federal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts, a spokesperson for the federal prosecutors confirmed on Saturday. Among other things, the investigation involves an initial suspicion of espionage, she added, without specifying which country might be involved. The German government has still not officially attributed the attacks to Russia. Germany and other European countries have been under increased pressure from cyberattacks and other malign activity linked to Russia by Western officials since Moscow’s full-scale invasion of Ukraine in February 2022. Around 300 Signal accounts belonging to individuals within the political sphere were compromised in the attacks, German magazine Der Spiegel reported, quoting governmental sources. Advertisement. Scroll to continue reading. There is no official confirmation of the names of the victims. According to Der Spiegel, the targeted users received messages from a fake Signal security chatbot that informed them of suspicious activity on their accounts and asked them to take immediate action. If the user followed the instructions, including entering a PIN or scanning a QR code, their Signal accounts were linked to an external device controlled by the hackers. This allowed the attackers to read past chats, follow ongoing conversations and even see address books and other data stored by the users. In February, Germany’s domestic intelligence service BfV and the federal cybersecurity authority BSI had issued a public warning about such a phishing campaign, saying it was “likely being carried out by a state-controlled cyber actor.” According to the German press agency dpa, German authorities also contacted several politicians personally to warn them such attacks may have happened. In March, Dutch intelligence and security services also warned that “Russian state hackers are engaged in a large-scale global cyber campaign to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel and civil servants.” Targets include Dutch government employees, the Dutch authorities warned at the time, and journalists may also have been targeted. The Russian embassy in Berlin did not respond to an AP request for comment. Moscow has repeatedly denied ⁠it is spying on other countries. Alexander Graf Lambsdorff, the German ambassador to Russia, was summoned to the Russian Foreign Ministry on Monday morning, dpa reported, regarding alleged contacts between German politicians and terrorist organizations. No connection has been made between the summons and the German media revelations about the Signal phishing attacks. “I will, of course, comply with the summons. I consider it unlikely that the Russian side will be able to substantiate its accusations,” Lambsdorff said in advance. Relations between the two countries have been tense for years. Related : New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages Related : Russian APT Hits Ukrainian Government With New Malware via Signal Related : How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying Written By Associated Press More from Associated Press US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections Latest News Spectrum Security Emerges From Stealth Mode With $19 Million Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak Incomplete Windows Patch Opens Door to Zero-Click Attacks OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google Energy and Water Management Firm Itron Hacked UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Neill Feather has been named Chief Executive Officer at Point Wild. Oasis Security has appointed Michael DeCesare as President. Sterling Wilson has joined IGEL as Global Field CTO, Business Continuity and Disaster Recovery. More People On The Move Expert Insights Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email